A block cipher is any method that applies a deterministic algorithm along with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers.
A block cipher can also be defined as a method of encrypting text where a cryptographic key and algorithm are applied to a block of data, for example, 64 contiguous bits, at once as a group rather than to one bit at a time.
To put is simply, block ciphers are pseudorandom permutation (PRP) families that operate on fixed-size block of bits.
PRPs refer to functions that cannot be differentiated from completely random permutations and thus, are considered reliable until proven unreliable.
- Read: Cryptographic hash functions.
Normally the ciphertext from the previous encrypted block is applied to the next block in a sequence.
The reason for this is to ensure that identical blocks of text do not get encrypted the same way in a message.
This makes it harder to decipher the ciphertext.
Also, an initialization vector derived from a random number generator is combined with the text in the first block and the key.
The reason for this is to prevent identical messages encrypted on the same day from producing identical ciphertext.
- Read: What is the ciphertext.
This ensures that all subsequent blocks result in ciphertext that doesn’t match that of the first encrypting.
Here some aspects to consider when selecting a size of a block:
- Avoid very small block size – if, for instance, a block size is m bits. Then the possible plaintext bits combinations are then 2^m. Larger block sizes prevent dictionary attacks.
- Do not have a very large block size – with a very large block size, the cipher becomes inefficient to operate. Such plaintexts will need to be padded before being encrypted.
- Multiples of 8 bit – the most preferred block size is a multiple of 8 as it is easy for implementation as most computer processors handle data in multiple of 8 bits.
Padding in Block Cipher
Block ciphers process blocks of fixed sizes, for example, 64 bits. Most of the time the length of plaintext is not a multiple of the block size.
For example, a 150-bit plaintext provides two blocks of 64 bits each with the third block of balance 22 bits.
The last block of bits needs to be padded up with redundant information so that the length of the final block equal to block size of the scheme.
For this example, the remaining 22 bits need to have an additional 42 bits added to provide a complete block.
This entire process of adding bits to the last block is called padding.
You should avoid padding as it makes the system inefficient. Padding may make a system insecure when the same bits are used every time.
Block cipher modes of operation
Block cipher modes of operation have been developed to eliminate the chance of encrypting identical blocks of text the same way.
The modes of operation of block ciphers are configuration methods that allow those ciphers to work with large data streams, without the risk of compromising the provided security.
- Read: Introduction to Cryptography.
For example, the ciphertext formed from the previous encrypted block is applied to the next block.
Also, a block of bits called an initialization vector (IV) is used by modes of operation to ensure ciphertexts remain distinct even when the same plaintext message is encrypted a number of times.
Here is a list of 7 block ciphers modes of operation:
- Cipher block chaining (CBC) – this mode is about adding XOR each plaintext block to the ciphertext block that was previously produced. The result is then encrypted using the cipher algorithm in the usual way. As a result, every subsequent ciphertext block depends on the previous one.
- Cipher feedback (CFB) – very similar to CBC mode. The difference is that one should encrypt ciphertext data from the previous round (not the plaintext block) and then add the output to the plaintext bits.
- Counter (CTR) – first keystream bits are created regardless of the content of encrypted data blocks. Subsequent values of an increasing counter are added to a nonce value and the results are encrypted as usual. The nonce plays the role of an initialization vector.
- Galois counter mode (GCM) – this mode provides both encryption and integrity. GCM maintains a counter, for each block of data, it sends the current value of the counter through the block cipher. Then, it takes the output of the block cipher, and exclusive or’s that with the plaintext to form the ciphertext.
- Electronic codebook (ECB) – where each plaintext block is encrypted separately. Also, each ciphertext block is decrypted separately. This makes it possible to encrypt and decrypt by using many threads simultaneously.
- Output feedback (OFB) – algorithms using this mode first create keystream bits that are used for encryption of subsequent data blocks.
- Propagating or plaintext cipher-block chaining (PCBC) – it mixes bits from the previous and current plaintext blocks, before encrypting them. In the PCBC mode, both encryption and decryption can be performed using only one thread at a time.
Block cipher examples
Here is a list of 5 most popular block ciphers:
- Data encryption standard (DES) – is a 64-bit cipher that works with a 64-bit key. Actually, 8 of the 64 bits in the key are parity bits, so the key size is 56 bits long.
- 3DES – is a DES that run three times, Each DES operation can use a different key, with each key being 56 bits long. 3DES has a block size of 64 bits.
- Advanced encryption standard (AES) – it has a block size of 128 bits and supports three possible key sizes; 128, 192, and 256 bits. The longer the key size, the stronger the encryption.
- Blowfish – it has a block size of 64 bits and supports a variable-length key that can range from 32 to 448 bits.
- Twofish – it is a 128-bit block cipher that supports key sizes up to 256 bits long.
Other block ciphers include IDEA, Serpent, RC5, Kuznyechik, CAST5, and Skipjack.
Now I want to hear from you.
What do you think of block ciphers?
Or maybe I missed an important aspect.
Either way, let me know by leaving a comment below.